CVE-2026-43265

MEDIUM EPSS 2.1%
Published May 6, 20261mo ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published May 6, 2026 1mo ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Ignore -EBUSY when checking nested events from vcpu_block() Ignore -EBUSY when checking nested events after exiting a blocking state while L2 is active, as exiting to userspace will generate a spurious userspace exit, usually with KVM_EXIT_UNKNOWN, and likely lead to the VM's demise. Continuing with the wakeup isn't perfect either, as *something* has gone sideways if a vCPU is awakened in L2 with an injected event (or worse, a nested run pending), but continuing on gives the VM a decent chance of surviving without any major side effects. As explained in the Fixes commits, it _should_ be impossible for a vCPU to be put into a blocking state with an already-injected event (exception, IRQ, or NMI). Unfortunately, userspace can stuff MP_STATE and/or injected events, and thus put the vCPU into what should be an impossible state. Don't bother trying to preserve the WARN, e.g. with an anti-syzkaller Kconfig, as WARNs can (hopefully) be added in paths where _KVM_ would be violating x86 architecture, e.g. by WARNing if KVM attempts to inject an exception or interrupt while the vCPU isn't running.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
2.1% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 5

VendorProductVersionRange
linuxlinux_kernel*≥6.1  –  <6.1.167
linuxlinux_kernel*≥6.2  –  <6.6.130
linuxlinux_kernel*≥6.7  –  <6.12.77
linuxlinux_kernel*≥6.13  –  <6.18.17
linuxlinux_kernel*≥6.19  –  <6.19.6

References 6

  • git.kernel.org https://git.kernel.org/stable/c/1c957773063ed3264953597e32990a748381caf6
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/1e88b5f854bdb469424132e0bb44793ad7a7c20a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2657439265d34a911886b916ba8be97ecc117d51
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/78265cd066d73a5cb41c088fcae4a2515e480d97
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ead63640d4e72e6f6d464f4e31f7fecb79af8869
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ec3be7dc9391085a2d96700e159d66d1328b7ff6
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/1c957773063ed3264953597e32990a748381caf6
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/1e88b5f854bdb469424132e0bb44793ad7a7c20a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2657439265d34a911886b916ba8be97ecc117d51
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/78265cd066d73a5cb41c088fcae4a2515e480d97
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ead63640d4e72e6f6d464f4e31f7fecb79af8869
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ec3be7dc9391085a2d96700e159d66d1328b7ff6
    Patch